公开(公告)号：US20210319120A1

公开(公告)日：2021-10-14

申请号：US17355297

申请日：2021-06-23

Applicant: Citrix Systems, Inc.

Inventor： Thomas Kludy ,  Ricardo Fernando Feijoo

IPC: G06F21/60 ,  G06F21/62 ,  H04L9/08 ,  H04L29/06 ,  G06Q20/00 ,  G06Q20/38 ,  G06Q20/36 ,  H04W12/06

Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored on in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.

公开(公告)号：US20210136058A1

公开(公告)日：2021-05-06

申请号：US16669992

申请日：2019-10-31

Applicant: Citrix Systems, Inc.

Inventor： Katia Lopez ,  Joel Pineiro ,  Javier Alejandro Figueroa ,  Ricardo Fernando Feijoo

IPC: H04L29/06

Abstract: Methods and systems for authentication using multiple identity providers are described herein. A first identity provider may receive, e.g., from a second identity provider, an indication of an authentication request. The first identity provider may retrieve, from a storage device, session information associated with the request. The first identity provider may authenticate, using one or more first functions, based on the session information, and based on authentication credentials received from a user, the user. Based on the authentication, the first identity provider may modify the session information. The second identity provider may authenticate, based on the session information and using one or more second functions, the user. The one or more second functions may comprise providing the user a token based on the session information. The session information may be subsequently deleted.

公开(公告)号：US10885028B2

公开(公告)日：2021-01-05

申请号：US15875087

申请日：2018-01-19

Applicant: Citrix Systems, Inc.

Inventor： Jose Reyes ,  Tom Kludy ,  Ricardo Fernando Feijoo

IPC: G06F16/2453 ,  G06F9/455 ,  G06F16/182 ,  G06F16/18 ,  G06F16/23 ,  G06F16/27

Abstract: Methods and devices for searching and aggregating data in a distributed cloud computing environment are provided. In some embodiments, a request from a client to perform a data transaction is received by a first server. The first server simultaneously spawns a plurality of threads, each thread sending to a different server of a plurality of servers the request to perform the data transaction. A response indicating whether the data transaction was performed by the server is received by the first server and from each server of the plurality of servers. In response to an indication that the data transaction was performed by one or more servers of the plurality of servers and when the data transaction is a get transaction: data corresponding to the data transaction is received by the first server and from the one more servers, the data received from the one or more servers is aggregated by the first server to form combined data, and the first server sends the combined data to the client. Finally, the first server sends a notification including information indicating a result of the data transaction to the client.

公开(公告)号：US10721222B2

公开(公告)日：2020-07-21

申请号：US15679686

申请日：2017-08-17

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Thomas Kludy

IPC: H04L29/06 ,  G06F21/33 ,  G06F21/41 ,  G06F21/40

Abstract: Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

公开(公告)号：US10440024B2

公开(公告)日：2019-10-08

申请号：US15482904

申请日：2017-04-10

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Thomas Michael Kludy

IPC: H04L9/00 ,  H04L29/06

Abstract: A principal database is described in which each entry includes one principal identity, and one or more alias identities that may each have an authorization scope. Principal identity attributes include a principal identifier and login credentials, and alias identity attributes include an authorization scope and login credentials. Responsive to successfully authenticating the user for a first application (a multiple-identity application), based on the alias identity login credentials, an access token containing both the alias identity attributes and the principal identity attributes is transmitted to the first application, causing the first application to grant a scope of access based on the authorization scope. Responsive to a request to authenticate the user for a second application (a single-identity application), the access token is transmitted to the second application without re-authenticating the user, causing the second application to grant a scope of access based on the principal identifier.

公开(公告)号：US20190114340A1

公开(公告)日：2019-04-18

申请号：US15784328

申请日：2017-10-16

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo

IPC: G06F17/30

Abstract: A technique involves normalizing identification of users (e.g., different customer organizations) across disparate local systems (e.g., different electronic platforms that provide different products and/or services). Such normalization of user identification enables a provider to accurately ascertain a particular user of multiple disparate local systems even when the multiple disparate local systems identify that user using different identification schemes. Accordingly, the provider is able to offer enhanced support to that user across the multiple disparate local systems. For example, with such normalization of user identification, the provider may employ a single authentication system across the various local systems thus enabling the user to authenticate via the same authentication process regardless of which local system the user attempts to access. As another example, the provider may collect data among the disparate local systems and apply analytics to identify optimization opportunities for the user that could not be otherwise be conveniently determined.

公开(公告)号：US20190058768A1

公开(公告)日：2019-02-21

申请号：US15875730

申请日：2018-01-19

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Kenneth Bell ,  Mark Howell ,  Manbir Chauhan

IPC: H04L29/08 ,  H04L12/46 ,  H04L29/06

CPC classification number: H04L67/16 ,  H04L12/4633 ,  H04L67/1002 ,  H04L67/2814 ,  H04L69/04

Abstract: Technology for providing communication connectivity between network entities located in different isolated communication networks through a centralized cloud service. A cloud service connector in a source communication network receives an initial connection request from a source end point device in the source communication network, and determines a customer name and requested service associated with the port number indicated in the request. Mappings are established between the source end point device and a destination end point device that provides the requested service from within a destination communication network that is associated with the customer name. Network traffic is conveyed between the source end point device and the destination end point device through the cloud service by tunneling packets over connections between the cloud service connector in the source communication network and the cloud service and between a cloud service connector in the destination communication network and the cloud service.

公开(公告)号：US20190058706A1

公开(公告)日：2019-02-21

申请号：US15679686

申请日：2017-08-17

Applicant: Citrix Systems, Inc.

Inventor： Ricardo Fernando Feijoo ,  Thomas Kludy

IPC: H04L29/06 ,  G06F21/41 ,  G06F21/33

Abstract: Aspects of the disclosure relate to extending single-sign-on to relying parties for federated logon providers. An enterprise identity provider server may receive a first authentication token previously issued to an enterprise server by the enterprise identity provider server. Subsequently, the enterprise identity provider server may retrieve, from a token store, a second authentication token associated with a federated identity service provided by a federated identity provider server. The enterprise identity provider server may refresh the second authentication token with the federated identity service provided by the federated identity provider server to obtain a refreshed authentication token. Finally, the enterprise identity provider server may send the refreshed authentication token to the enterprise server, which may enable user devices managed by the enterprise server to access one or more resources provided by a third party system using the federated identity service.

公开(公告)号：US09906461B2

公开(公告)日：2018-02-27

申请号：US14161553

申请日：2014-01-22

Applicant: Citrix Systems, Inc.

Inventor： Thomas M. Kludy ,  Ashish Gujarathi ,  Ricardo Fernando Feijoo

IPC: G06F15/173 ,  H04L12/911 ,  H04L12/24 ,  G06F9/455

CPC classification number: H04L47/70 ,  G06F9/455 ,  H04L41/0893

Abstract: The embodiments are directed to methods and devices for creating one or more network groups. The methods and devices can define a network group with one or more properties. The methods and devices can identify a plurality of isolated networks, and can assign the plurality of isolated networks to the defined network group. The methods and devices can assign machines to at least one of the plurality of isolated networks, wherein the network group enables unrestricted routing.

公开(公告)号：US09838249B2

公开(公告)日：2017-12-05

申请号：US15286835

申请日：2016-10-06

Applicant: Citrix Systems, Inc.

Inventor： Thomas M. Kludy ,  Ashish Gujarathi ,  Felipe Leon ,  Juliano Maldaner ,  Andrew Ogle ,  Ricardo Fernando Feijoo

IPC: G06F1/32 ,  G06F9/44 ,  G06F9/50 ,  G06F9/45 ,  G06F11/07 ,  H04L12/24 ,  H04L29/08 ,  G06F9/455 ,  H04L29/06

CPC classification number: H04L41/08 ,  G06F9/4405 ,  G06F9/4416 ,  G06F9/45558 ,  G06F9/505 ,  G06F9/5083 ,  G06F11/0706 ,  G06F11/0793 ,  G06F2009/45595 ,  H04L41/0816 ,  H04L67/10 ,  H04L67/1023 ,  H04L67/34 ,  H04L67/42

Abstract: One or more aspects of this disclosure may relate to using a configurable server farm preference for an application, desktop or other hosted resource. Additional aspects may relate to moving server farm workloads based on the configurable server farm preference. Further aspects may relate to performing reboot cycles, a reboot schedule and on-demand rebooting. Yet further aspects may relate to staggering individual machine reboot operations over a specified period of time and performing reboot operations such that some machines are available for user sessions during a reboot cycle.